Introduction
The NATO Science for Peace and Security Programme (SPS) seeks to enhance cooperation and dialogue on emerging security challenges by gathering insights from member states and partner countries, exploring basic and applied research activities, and sharing effective practices of advanced operational activities that are undertaken by private industry and public institutions. SPS initiatives are aligned with North Atlantic Treaty Organization (NATO) strategic objectives.
One emerging security challenge is that every country has embedded Information and Communications Technologies (ICT) into every networked infrastructure. These technologies are designed to meet demands for consumer ease of use, increased interoperability, and enhanced efficiency and productivity. There is increasing recognition that these products and services are not always well engineered and often have vulnerabilities that are exploited for illicit and illegal purposes. In fact, the defenses of these networked infrastructures are tested daily, and the pace and scale of these threats are increasing in both frequency and gravity.
In 2011, NATO adopted a new cyber defense policy that articulated a clear vision of how the Alliance plans to improve its cyber defense posture. NATO understands that it must improve its capacity for Computer Network Defense (CND) and adopt effective practices for incident detection and response, especially with regard to the national networks on which NATO relies to carry out its primary mission of collective defense and crisis management. As such, an Advanced Research Workshop (ARW) entitled 'Best Practices in Computer Network Defense (CND): Incident Detection and Response' was held from 11–13 September 2013 in Geneva, Switzerland, to exchange expert knowledge in cyber defense and discuss approaches and solutions to this emerging security challenge. Participants were selected from industry, academia, and public institutions that have direct hands-on experience with, and responsibility for, incident detection and response. The workshop format included technical presentations followed by facilitated discussion in six key areas:
- What are the new threats and trends challenging operators and decision makers?
- What is the role of national and international strategies, legislation, and regulation to improve national incident response and international coordination?
- What are effective mechanisms for coordination and cooperation to prevent and respond to incidents?
- What emerging technologies exist for advanced prevention, detection, containment, and remediation for computer network defense?
- What metrics exist for measuring cyber security effectiveness?
- What is the role of standards and which standards are proving most useful for CND?
There was rich discussion during the course of the workshop and nearly a dozen technical papers were authored to support the exchange of information on effective policies, strategies, technologies, practices, measures, and standards for CND, incident detection, and response. The following paragraphs capture the essence of the discussion and discuss twenty-one specific findings from the workshop. Each finding contains expert insights, important examples, and actionable information that can inform decisions.
Hathaway, Melissa. “Advanced Research Workshop Findings.” February 2014